Anders Rundgren wrote: > > I like the PKCS#11 over USB idea! .. > > trivial to provide a single portable PKCS#11 driver > > Pardon my ignorance, but I have not a clue what you mean with > "PKCS #11 over USB" and "single driver" because there is no card > that exhibit a PKCS #11 API. > > Could you elaborate a bit on this?
The idea is to make it. It should be really straightforward, and useful if the token you want to design is centered around PKCS#11 operations. As for single driver, that's a program which could rely completely on libusb for hardware communication (WinMacLinuxFBSD, maybe Solaris) and provide what would probably be really thin PKCS#11 wrapper on top of USB calls to the outside world. Basically remove the whole lot of APDUs, T=0/T=1, CCID and PC/SC, and talk PKCS#11 nearly directly with hardware. No - it doesn't solve any of the other issues you raise, but for compatibility with deployment and personalisation software stacks the device could also be CCID compliant, at the same time. The point with PKCS#11/USB is that the device driver would be the PKCS#11 provider, and that device driver could be written in a short time, and run on lots of systems. //Peter _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
